Exploit: Phishing attack
Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company
Risk to Small Business: Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach.
Individual Risk: Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity.
Customers Impacted: Unknown
How it Could Affect Your Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.
In Other News: Capital One Data Breach Impacts US and Canadian Customers
An expansive data breach at the credit card juggernaut, Capital One Financial, has compromised the personal information for more than 100 million US and Canadian customers.
The breach exposed the personal data for more than six-million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.
The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.
The incident is just the latest wide-spread data breach impacting small businesses and consumers, making their preemptive data protection a must-have element of personal or organization data security.